Spatial and temporal generalization emerged in the literature as a common approach to preserve location privacy. However, existing solutions have two main shortcomings. First, spatiotemporal generalization can be used with different objectives: for example, to guarantee anonymity or to decrease the sensitivity of the location information. Hence, the strategy used to compute the generalization can follow different semantics often depending on the privacy threat, while most of the existing solutions are specifically designed for a single semantics. Second, existing techniques prevent the so-called inversion attack by adopting a top-down strategy that needs to acquire a large amount of information. This may not be feasible when this information is dynamic (e.g., position or properties of objects) and needs to be acquired from external services (e.g., Google Maps).

In this contribution we present a formal model of the problem that is compatible with most of the semantics proposed so far in the literature, and that supports new semantics as well. Our BottomUp algorithm for spatio-temporal generalization is compatible with the use of online services, it supports generalizations based on arbitrary semantics, and it is safe with respect to the inversion attack. By considering two datasets and two examples of semantics, we experimentally compare BottomUp with a more classical top-down algorithm, showing that BottomUp is efficient and guarantees better performance in terms of the average size (space and time) of the generalized regions.